<?php
if(!defined('IN_INDEX')) { header('location: index.php'); exit; }

$smarty->config_load($settings['language_file'],'emails');
$lang = $smarty->get_config_vars();

if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_posting']>0)
{
	require('modules/captcha/captcha.php');
	$captcha = new captcha();
}

if(isset($_REQUEST['p_category']) && isset($_SESSION[$settings['session_prefix'].'usersettings']['category']) && $_SESSION[$settings['session_prefix'].'usersettings']['category']!=intval($_REQUEST['p_category'])) $_SESSION[$settings['session_prefix'].'usersettings']['category'] = 0;
if(isset($_SESSION[$settings['session_prefix'].'usersettings']['category'])) $category = intval($_SESSION[$settings['session_prefix'].'usersettings']['category']);
else $category = 0;
$p_category = 0;

if(isset($_REQUEST['id'])) $id = intval($_REQUEST['id']); else $id=0;
if(isset($_REQUEST['page'])) $page = intval($_REQUEST['page']); else $page = 1;
if(isset($_REQUEST['order'])) $order = $_REQUEST['order']; else $order = 'last_reply';
if(isset($_REQUEST['descasc']) && $_REQUEST['descasc']=='ASC') { $descasc = 'DESC'; $page = 1; } else $descasc="DESC";
if(isset($_REQUEST['back'])) $back = $_REQUEST['back']; else $back = 'index';
if(isset($_REQUEST['posting_mode'])) $posting_mode = $_REQUEST['posting_mode']; else $posting_mode = 0;
if(isset($_REQUEST['p_user_id'])) $p_user_id = $_REQUEST['p_user_id'];
else
{
	if($posting_mode==0 && isset($_SESSION[$settings['session_prefix'].'user_id'])) $p_user_id = $_SESSION[$settings['session_prefix'].'user_id'];
	else $p_user_id = 0;
}

if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
else $action = 'posting';

if(isset($_REQUEST['lock'])) $action = 'lock';
if(isset($_GET['edit'])) $action = 'edit';
//if(isset($_GET['retweet'])) $action = 'retweet';
if(isset($_GET['report_spam'])) $action = 'report_spam';
if(isset($_GET['flag_ham'])) $action = 'flag_ham';
if(isset($_GET['delete_marked'])) $action = 'delete_marked';
if(isset($_GET['manage_postings'])) $action = 'manage_postings';
if(isset($_POST['lock_old_threads_submit'])) $action = 'lock_old_threads_submit';
if(isset($_POST['lock_all_threads_submit']) || isset($_POST['unlock_all_threads_submit'])) $action = 'lock_all_threads_submit';
if(isset($_POST['move_threads_submit'])) $action = 'move_posting';
if(isset($_POST['comment_posting_submit'])) $action = 'comment_posting';
if(isset($_POST['move_posting_confirm'])) $action = 'move_posting_confirmed';
if(isset($_POST['comment_posting_confirm'])) $action = 'comment_posting_confirmed';
if(isset($_GET['delete_spam'])) $action = 'delete_spam';
if(isset($_POST['report_spam_submit']) || isset($_POST['report_spam_delete_submit'])) $action = 'report_spam_submit';
if(isset($_POST['report_flag_ham_submit']) || isset($_POST['flag_ham_submit'])) $action = 'flag_ham_submit';
if(isset($_POST['delete_marked_submit'])) $action = 'delete_marked_submit';
if(isset($_POST['delete_spam_submit'])) $action = 'delete_spam_submit';
if(isset($_POST['save_entry']) || isset($_POST['preview'])) $action = 'posting_submitted';
if(isset($_REQUEST['mark'])) $action = 'mark';

// permission to upload images:
if($settings['upload_images']==1 && isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0) $smarty->assign('upload_images',true);
elseif($settings['upload_images']==2 && isset($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign('upload_images',true);
elseif($settings['upload_images']==3) $smarty->assign('upload_images',true);

if(isset($_REQUEST['delete_posting']))
{
	if(empty($_REQUEST['delete_posting_confirm'])) $action = 'delete_posting';
	else $action = 'delete_posting_confirmed';
}

if(isset($_REQUEST['drain_posting']))
{
	if(empty($_REQUEST['drain_posting_confirm'])) $action = 'drain_posting';
	else $action = 'drain_posting_confirmed';
}

if(isset($_REQUEST['fold_posting']))
{
	if(empty($_REQUEST['fold_posting_confirm'])) $action = 'fold_posting';
	else $action = 'fold_posting_confirmed';
}

if(isset($_REQUEST['retweet']))
{
	if(empty($_REQUEST['retweet_posting_confirm'])) $action = 'retweet_posting';
	else $action = 'retweet_posting_confirmed';
}

// clicked on "spam" but should only be deleted without reporting:
if(isset($_POST['delete_submit']))
{
	$_REQUEST['delete_posting'] = intval($_POST['id']);
	$action = 'delete_posting_confirmed';
}

// smilies:
if($settings['smilies']==1 && ($action=='posting' || $action=='edit' || $action == 'posting_submitted'))
{
	$smiley_result = @mysql_query("SELECT id, file, code_1, code_2, code_3, code_4, code_5, title FROM ".$db_settings['smilies_table']." ORDER BY order_id ASC", $connid) or raise_error('database_error',mysql_error());
	$i=0;
	while($row = mysql_fetch_array($smiley_result))
	{
		$smilies[$i]['id'] = $row['id'];
		$smilies[$i]['file'] = stripslashes($row['file']);
		$smilies[$i]['code'] = stripslashes($row['code_1']);
		$smilies[$i]['title'] = stripslashes($row['title']);
		$i++;
	}
	mysql_free_result($smiley_result);
	if(isset($smilies))
	{
		$smarty->assign('smilies',$smilies);
		$smarty->assign('smilies_count',count($smilies));
	}
}

switch($action)
{
	case 'mark':
		if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
		{
			$id = intval($_REQUEST['mark']);
			$mark_result = @mysql_query("SELECT marked FROM ".$db_settings['forum_table']." WHERE id=".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
			$field = mysql_fetch_array($mark_result);
			mysql_free_result($mark_result);
			if($field['marked']==0) $marked = 1; else $marked = 0;

			@mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, marked=".$marked." WHERE id=".$id, $connid);

			if(isset($_POST['method']) && $_POST['method']=='ajax')
			{
				header('Content-Type: application/xml; charset=UTF-8');
				echo '<?xml version="1.0"?>';
				?>
<mark>
<action>
				<?php echo $marked; ?>
</action>
</mark>
				<?php
}
else
{
	if(isset($_GET['back'])) header('Location: index.php?id='.intval($_GET['back']));
	else header('Location: index.php?mode=index');
}
exit;
}
else
{
	header('Location: index.php?mode=index');
	exit;
}
break;
case 'posting':
	// is user authorisized to post messages?
	if($settings['entries_by_users_only']!=0 && empty($_SESSION[$settings['session_prefix'].'user_id']))
	{
		$back = '&back=posting';
		if(isset($id) && $id>0) $back .= '&id='.$id;
		header('Location: index.php?mode=login&login_message=registered_users_only'.$back);
		exit;
	}
	else
	{
		if($id==0) // new posting
		{
			$link_name = 'back_to_index_link';
			$link_title = 'back_to_index_link_title';
			$smarty->assign('p_category',$category);
			$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>$link_title, 'name'=>$link_name);
		}
		else // reply
		{
			// get data of message:
			$result = mysql_query("SELECT tid, pid, name, subject, category, text, locked, ".$db_settings['userdata_table'].".user_name, ".$db_settings['userdata_table'].".user_id owner_uid FROM ".$db_settings['forum_table']."
			JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id 
       		WHERE id = ".$id, $connid) or raise_error('database_error',mysql_error());
			if(mysql_num_rows($result)==1)
			{
				$field = mysql_fetch_array($result);
				mysql_free_result($result);

				if($field['locked'] > 0 && (empty($_SESSION[$settings['session_prefix'].'user_type']) || (isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type'] != 2 && $_SESSION[$settings['session_prefix'].'user_type'] != 1)))
				{
					$link_name = 'back_to_entry_link';
					$link_title = 'back_to_entry_link_title';

					//Ted: some users don't have nick name so let's display username and nick name
					$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
					//old code
					//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
					//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
					$smarty->assign('no_authorisation','thread_locked_no_reply');
				}
				else
				{
					$link_name = 'back_to_entry_link';
					$link_title = 'back_to_entry_link_title';
					//Ted: some users don't have nick name so let's display username and nick name
					$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
					//old code
					//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
					//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
					//           $smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
					$smarty->assign('p_category',$field['category']);
					#$smarty->assign('name',htmlspecialchars(stripslashes($field["name"])));
					#$text = wordwrap(stripslashes($field['text']),75);
					$text = stripslashes($field['text']);
					#$text = preg_replace("/^/m", $settings['quote_symbol']." ", $text);
					$text = quote_reply($text);
					$text = addslashes($text);
					$smarty->assign('text',htmlspecialchars(stripslashes($text)));
					$smarty->assign('hide_quote',true);

					if(isset($_SESSION[$settings['session_prefix'].'user_id']))
					{
						$user_id = $_SESSION[$settings['session_prefix'].'user_id'];
					}

					if($user_id == $field['owner_uid']){
						$smarty->assign('display_thumbs', false);
					}else{
		    $sql = mysql_query ("SELECT count(*) t FROM ".$db_settings['thumbsdetails_table']." WHERE pid = '$id' and uid='$user_id'", $connid) or raise_error('database_error',mysql_error());
		    $row = mysql_fetch_array ($sql);
		    $count = $row['t'];
		    if($count>0){
		    	$smarty->assign('display_thumbs', false);
		    }else{
		    	$smarty->assign('display_thumbs', true);
		    }
					}

				}
				if(empty($back) || isset($back) && $back=='entry')
				{
					$subnav_link = array('id' => $id, 'title'=>$link_title, 'name'=>$link_name);
				}
				else
				{
					$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>$link_title, 'name'=>$link_name);
				}
			}
			else
			{
				$subnav_link = array('mode'=>$back, 'title'=>'forum_index_link_title', 'name'=>'forum_index_link');
				$smarty->assign('no_authorisation','error_posting_unavailable');
			}
		}
			
		if(isset($_COOKIE[$settings['session_prefix'].'userdata']))
		{
			$cookie_parts = explode("|", $_COOKIE[$settings['session_prefix'].'userdata']);
			$smarty->assign('name',stripslashes(urldecode($cookie_parts[0])));
			if(isset($cookie_parts[1])) $smarty->assign('email',stripslashes(urldecode($cookie_parts[1])));
			if(isset($cookie_parts[2])) $smarty->assign('hp',stripslashes(urldecode($cookie_parts[2])));
			if(isset($cookie_parts[3])) $smarty->assign('location',stripslashes(urldecode($cookie_parts[3])));
			$smarty->assign('setcookie',1);
			$smarty->assign('cookie',TRUE);
		}

		if(isset($_SESSION[$settings['session_prefix'].'user_id']))
		{
			list($signature) = @mysql_fetch_row(mysql_query("SELECT signature FROM ".$db_settings['userdata_table']." WHERE user_id=".intval($_SESSION[$settings['session_prefix'].'user_id']), $connid));
			if(!empty($signature))
			{
				$smarty->assign('signature',true);
				$smarty->assign('show_signature',1);
			}
		}

		$smarty->assign("style",$_SESSION[$settings['session_prefix'].'usersettings']['style']);
		$smarty->assign("uniqid",uniqid(""));
		$smarty->assign('posting_mode',0);
		$smarty->assign('id',$id);
		$smarty->assign('back',$back);
		$smarty->assign('action',$action);
		if($settings['terms_of_use_agreement']==1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign("terms_of_use_agreement",true);
			
		if(isset($_SESSION[$settings['session_prefix'].'user_id']) || $settings['email_notification_unregistered']) $smarty->assign('provide_email_notification',true);
			
		$smarty->assign("subnav_link",$subnav_link);
		$smarty->assign('subtemplate','posting.tpl.inc');
	}
	break;
case 'posting_submitted':
	if(isset($_POST['posting_mode'])) $posting_mode = intval($_POST['posting_mode']);
	else $posting_mode = 0;

	// clear edit keys
	if($settings['user_edit']==2 && $settings['edit_max_time_period']>0)
	{
		@mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, edit_key='' WHERE time < (NOW() - INTERVAL ".intval($settings['edit_max_time_period'])." MINUTE)", $connid);
	}

	// import, trim and complete data:
	if(isset($_POST['uniqid'])) $uniqid = trim($_POST['uniqid']);
	if(isset($_POST['pid'])) $pid = intval($_POST['pid']); else $pid=0;
	if(empty($name) && isset($_POST['name'])) $name = trim($_POST['name']);
	if(empty($user_id)) $user_id = 0;
	if(isset($_POST['email'])) $email = trim($_POST['email']); else $email = '';
	if(isset($_POST['hp'])) $hp = trim($_POST['hp']); else $hp = '';
	if(isset($_POST['location'])) $location = trim($_POST['location']); else $location = '';
	if(isset($_POST['show_signature'])) $show_signature = intval($_POST['show_signature']); else $show_signature=0;
	if(isset($_POST['email_notification'])) $email_notification = intval($_POST['email_notification']); else $email_notification=0;;
	if(isset($_POST['subject'])) $subject = trim($_POST['subject']);
	if(isset($_POST['text'])) $text = trim($_POST['text']);
	if(isset($_POST['setcookie'])) $setcookie = trim($_POST['setcookie']); else $setcookie=0;
	if(isset($_POST['sticky']) && $_POST['sticky']==1 && isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type']>0)) $sticky=1; else $sticky=0;
	if(isset($_POST['tweet']) && $_POST['tweet']==1 ) $tweet=1; else $tweet=0;
	if(isset($_POST['terms_of_use_agree']) && $_POST['terms_of_use_agree']==1) $terms_of_use_agree=1; else $terms_of_use_agree=0;

	if($id!=0 && $posting_mode==0 || $posting_mode==1 && $pid>0)
	{
		// get category of parent posting:
		$c_result = @mysql_query("SELECT category FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)) or raise_error('database_error',mysql_error());
		$c_data = mysql_fetch_array($c_result);
		$p_category = $c_data['category'];
		mysql_free_result($c_result);
	}
	elseif(isset($_POST['p_category'])) $p_category = intval($_POST['p_category']);
	// end trim and complete data

	if($posting_mode==0) // new message
	{
		// double entry?
		list($double_entry_count) = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE uniqid = '".mysql_real_escape_string($uniqid)."' AND time > (NOW()-INTERVAL 1 HOUR)", $connid));
		if($double_entry_count > 0)
		{
			header("Location: index.php?mode=index");
			exit;
		}
			
		// flood prevention:
		if(empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['save_entry']))
		{
			list($flood_count) = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE ip = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."' AND time > (NOW()-INTERVAL ".$settings['flood_prevention_minutes']." MINUTE)", $connid));
			if($flood_count > 0)
			{
				$smarty->assign('minutes',$settings['flood_prevention_minutes']);
				$errors[] = 'error_repeated_posting';
			}
		}
			
		// is it a registered user?
		if(isset($_SESSION[$settings['session_prefix'].'user_id']))
		{
			$user_id = $_SESSION[$settings['session_prefix'].'user_id'];
			$name = $_SESSION[$settings['session_prefix'].'user_name'];
		}

		// get thread-ID if reply:
		if($id!=0)
		{
			$tid_result = mysql_query("SELECT tid, name, category, locked, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
        	JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id 
        	WHERE id=".$id, $connid);
			if(!$tid_result) raise_error('database_error',mysql_error());
			if(mysql_num_rows($tid_result)!=1)
			{
				$errors[] = 'error_posting_unavailable';
			}
			else
			{
				$field = mysql_fetch_array($tid_result);
				mysql_free_result($tid_result);
				if($field['locked']!=0) $errors[] = 'thread_locked_no_reply';
				if($field['category']!=0 && !in_array($field['category'], $category_ids)) $errors[] = 'error_invalid_category';
				$thread = $field['tid'];
				//Ted: some users don't have nick name so let's display username and nick name
				$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
				//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
				//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
				$link_name = 'back_to_entry_link';
				$link_title = 'back_to_entry_link_title';
			}
		}
		else
		{
			$thread = 0;
			$link_name = 'back_to_index_link';
			$link_title = 'back_to_index_link_title';
		}
		if(isset($link_title))
		{
			if($back=='entry') $subnav_link = array('id' => $id, 'title'=>$link_title, 'name'=>$link_name);
			else $subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>$link_title, 'name'=>$link_name);
		}
		else
		{
			$subnav_link = array('mode'=>'index', 'name'=>'forum_index_link', 'title'=>'forum_index_link_title');
		}
		$smarty->assign("subnav_link",$subnav_link);
	}

	elseif($posting_mode==1) // edit message
	{
		$edit_result = mysql_query("SELECT ".$db_settings['forum_table'].".user_id, user_name, locked, UNIX_TIMESTAMP(time) AS time FROM ".$db_settings['forum_table']."
                                 LEFT JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id
                                 WHERE id = ".$id, $connid) or raise_error('database_error',mysql_error());
			
		if(mysql_num_rows($edit_result)!=1) $errors[] = 'error_posting_unavailable';
		$field = mysql_fetch_array($edit_result);
		mysql_free_result($edit_result);
			
		if(empty($errors))
		{
			if(empty($name) && $field['user_id']>0) $name = $field['user_name'];
			if(!$name) $name = $lang['unknown_user'];
			$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
			$smarty->assign('subnav_link', $subnav_link);
			$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($name)));

			if($settings['edit_max_time_period']>0 && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==0))
			{
				$minutes_left_to_edit = round((($field['time']+$settings['edit_max_time_period']*60)-time())/60);
				#if($minutes_left_to_edit==0) $minutes_left_to_edit = '< 1';
				if($minutes_left_to_edit>=0) $smarty->assign('minutes_left_to_edit',$minutes_left_to_edit);
			}
		}
	}

	// check data:
	if(isset($_POST['tags']) && isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type']>0))
	{
		$tags = trim($_POST['tags']);
		if(strlen($tags) > 253) $errors[] = 'error_tags_too_long';

		if($tags!='')
		{
			$s_tags = str_replace(';',',', $tags);
			$s_tags = str_replace('"', ',', $s_tags);
			$s_tags = str_replace(' ', ',', $s_tags);
			$s_tags = str_replace(' ', ',', $s_tags);
			$s_tags = str_replace('，', ',', $s_tags);
			$s_tags = str_replace('；', ',', $s_tags);
			$s_tags = str_replace('【', ',', $s_tags);
			$s_tags = str_replace('】', ',', $s_tags);
			$s_tags = str_replace('[', ',', $s_tags);
			$s_tags = str_replace(']', ',', $s_tags);
			$s_tags_array=explode(',',$s_tags);
			$s_tags = ';';
			foreach($s_tags_array as $tag)
			{
				unset($too_long_word);
				$too_long_word = too_long_word($tag,$settings['text_word_maxlength']);
				if($too_long_word) { $errors[] = 'error_word_too_long'; break; }
				$s_tags .= trim($tag).';';
			}
		}
		else $s_tags = '';
	}
	else $s_tags = '';

	if (isset($_POST['url'])) {
		$urlLink = trim($_POST['url']);
		if(strlen($urlLink) > 253) $errors[] = 'error_url_too_long';
	}

	if (isset($_POST['pic'])) {
		$picLink = trim($_POST['pic']);
		if(strlen($picLink) > 253) $errors[] = 'error_pic_too_long';
	}


	if($posting_mode==1)
	{
		$edit_result = mysql_query("SELECT tid, pid, name, user_id, email, hp, location, subject, text, tags, category, email_notification, show_signature, sticky, locked, UNIX_TIMESTAMP(time) AS time, edit_key FROM ".$db_settings['forum_table']." WHERE id = ".$id, $connid) or raise_error('database_error',mysql_error());
		$field = mysql_fetch_array($edit_result);
		mysql_free_result($edit_result);

		// authorisatin check:
		$authorization = get_edit_authorization($id, $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
			
		if($authorization['edit']!=true)
		{
			$errors[] = 'no_authorization_edit';
			#$smarty->assign('minutes',$settings['edit_max_time_period']);
		}
	}

	if($posting_mode==1 && empty($errors))
	{
		// e-mail available for notification?
		if(isset($_SESSION[$settings['session_prefix'].'user_id']))
		{
			if($field['user_id']==0 && $field['email']=='' && isset($email_notification) && $email_notification==1) $errors[] = 'error_no_email_to_notify';
		}
		// twitter available ?
		if(isset($_SESSION['twitter_logged']))
		{
			if (empty($_SESSION['access_token']) || empty($_SESSION['access_token']['oauth_token']) || empty($_SESSION['access_token']['oauth_token_secret']))
			$errors[] = 'error_no_twitter';
		}
	}

	if(empty($errors))
	{
		// check for not accepted words:
		$result=mysql_query("SELECT list FROM ".$db_settings['banlists_table']." WHERE name = 'words' LIMIT 1", $connid);
		if(!$result) raise_error('database_error',mysql_error());
		$data = mysql_fetch_array($result);
		mysql_free_result($result);
		if(trim($data['list']) != '')
		{
			$joined_message = strtolower($name.' '.$email.' '.$hp.' '.$location.' '.$subject.' '.$text);
			$not_accepted_words = explode(',',trim($data['list']));
			foreach($not_accepted_words as $not_accepted_word)
			{
				#if($not_accepted_word!='' && (preg_match("/".$not_accepted_word."/i",$name) || preg_match("/".$not_accepted_word."/i",$text) || preg_match("/".$not_accepted_word."/i",$subject) || preg_match("/".$not_accepted_word."/i",$email) || preg_match("/".$not_accepted_word."/i",$hp) || preg_match("/".$not_accepted_word."/i",$location)))
				if($not_accepted_word!='' && strpos($joined_message, strtolower($not_accepted_word))!==false)
				{
					$smarty->assign('not_accepted_word',htmlspecialchars(stripslashes($not_accepted_word)));
					$errors[] = 'error_not_accepted_word';
					break;
				}
			}
		}
			
		if(!isset($name) || $name == '') $errors[] = 'error_no_name';
			
		// name reserved?
		if(!isset($_SESSION[$settings['session_prefix'].'user_id']))
		{
			$result = mysql_query("SELECT user_name FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '".mysql_real_escape_string(strtolower($name))."'") or raise_error('database_error',mysql_error());
			if(mysql_num_rows($result)>0) $errors[] = 'error_name_reserved';
			mysql_free_result($result);
		}
			
		// name = subject?
		if(strtolower($name)==strtolower($subject)) $errors[] = 'error_name_like_subject';
			
		if (isset($email) && $email != "" and !preg_match(EMAIL_PATTERN, $email)) $errors[] = 'error_email_wrong';
		if(isset($hp) && $hp != "" and !preg_match(HP_PATTERN, $hp)) $errors[] = 'error_hp_wrong';
		if($email == '' && isset($email_notification) && $email_notification == 1 && !isset($_SESSION[$settings['session_prefix'].'user_id'])) $errors[] = 'error_no_email_to_notify';
		if (!isset($subject) || $subject == "") $errors[] = 'error_no_subject';
		if(empty($settings['empty_postings_possible']) || isset($settings['empty_postings_possible']) && $settings['empty_postings_possible'] != 1)
		{
			if (!isset($text) || $text == "")
			$errors[] = 'error_no_text';
		}
			
		if($settings['terms_of_use_agreement']==1 && empty($_SESSION[$settings['session_prefix'].'user_id']) && $terms_of_use_agree!=1) $errors[] = 'terms_of_use_agree_error_posting';
			
		if(mb_strlen(stripslashes($name),$db_settings['client_charset']) > $settings['username_maxlength']) $errors[] = 'error_name_too_long'; //Pasu modified 20080918
		if(strlen(stripslashes($email)) > $settings['email_maxlength']) $errors[] = 'error_email_too_long';
		if(isset($hp) && strlen(stripslashes($hp)) > $settings['hp_maxlength']) $errors[] = 'error_hp_too_long';
		if(strlen(stripslashes($location)) > $settings['location_maxlength']) $errors[] = 'error_location_too_long';
		if(mb_strlen(stripslashes($subject),$db_settings['client_charset']) > $settings['subject_maxlength']) $errors[] = 'error_subject_too_long'; //Pasu modified 20080918
		if(mb_strlen(stripslashes($text),$db_settings['client_charset']) > $settings['text_maxlength']) $errors[] = 'error_text_too_long'; //Pasu modified 20080918
		$smarty->assign('text_length',mb_strlen($text,$db_settings['client_charset'])); //Pasu modified 20080918
			
		// check for too long words:
		if(empty($too_long_word))
		{
			$too_long_word = too_long_word(stripslashes($name),$settings['name_word_maxlength']);
			if($too_long_word) $errors[] = 'error_word_too_long';
		}
		if(empty($too_long_word))
		{
			$too_long_word = too_long_word(stripslashes($location),$settings['location_word_maxlength']);
			if($too_long_word) $errors[] = 'error_word_too_long';
		}
		if(empty($too_long_word))
		{
			$too_long_word = too_long_word(stripslashes($subject),$settings['subject_word_maxlength']);
			if($too_long_word) $errors[] = 'error_word_too_long';
		}
			
		// format text and hide allowed tags:
		$check_text = html_format(stripslashes($text));
		// hide <pre>...</pre> from checking (code):
		$check_text = preg_replace("#\<pre\>(.+?)\</pre\>#is", "", $check_text);
		$check_text = strip_tags($check_text);

		if(empty($too_long_word))
		{
			$too_long_word = too_long_word($check_text,$settings['text_word_maxlength']);
			if($too_long_word) $errors[] = 'error_word_too_long';
		}
	}

	// category check:
	if($id==0 && $categories!=false && empty($categories[$p_category])) $errors[] = 'error_invalid_category';

	// default values for flagging spam:
	$spam = 0;
	$spam_check_status = 0;

	// CAPTCHA check:
	if(empty($errors) && isset($_POST['save_entry']) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_posting']>0)
	{
			
		if($settings['captcha_posting']==2)
		{
			if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
		}
		else
		{
			if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
		}
	}

	// Akismet spam check:
	if(empty($errors) && $settings['akismet_key']!='' && $settings['akismet_entry_check']==1 && isset($_POST['save_entry']) && empty($_SESSION[$settings['session_prefix'].'user_id']))
	{
		require('modules/akismet/akismet.class.php');
		$akismet = new Akismet($settings['forum_address'], $settings['akismet_key']);
		if($akismet->connectionError())
		{
			if($settings['save_spam']==0) $errors[] = 'error_akismet_connection';
			else $spam_check_status = 2;
		}
		elseif($akismet->apiError())
		{
			if($settings['save_spam']==0) $errors[] = 'error_akismet_api_key';
			else $spam_check_status = 3;
		}
		else
		{
			if($name != '') $akismet->setCommentAuthor($name);
			if($email != '') $akismet->setCommentAuthorEmail($email);
			if($hp != '') $akismet->setCommentAuthorURL($hp);
			$akismet->setCommentContent($text);
			if($akismet->isCommentSpam())
			{
				if($settings['save_spam']==0) $errors[] = 'error_spam_suspicion';
				else $spam = 1;
			}
			elseif($akismet->connectionError())
			{
				if($settings['save_spam']==0) $errors[] = 'error_akismet_connection';
				else $spam_check_status = 2;
			}
			else
			{
				$spam_check_status = 1;
			}
		}
	}
	// end check data


	if(empty($errors))
	{
		// save new posting:
		if(isset($_POST['save_entry']) && $posting_mode==0)
		{
			if($settings['entries_by_users_only']!=0 && !$_SESSION[$settings['session_prefix'].'user_name']) die('No autorisation!');

			// if editing own postings by unregistered users, generate edit_key:
			if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['user_edit']==2)
			{
				$edit_key = md5(uniqid(rand()));
				$db_edit_key = md5($edit_key);
			}
			else $db_edit_key = '';

			if(isset($_SESSION[$settings['session_prefix'].'user_id'])) $savename = '';
			else $savename = $name;

			// added by Terry
			if (isset($_SESSION[$settings['session_prefix'].'user_real_name']))
			{
				$savename = $_SESSION[$settings['session_prefix'].'user_real_name'];
			}
			else
			{
				$savename = $name;
			}
			@mysql_query("INSERT INTO ".$db_settings['forum_table']." (pid, tid, uniqid, time, last_reply, user_id, name, subject, email, hp, location, ip, text, tags, show_signature, email_notification, category, sticky, spam, spam_check_status, edit_key, url_link, pic_link ) VALUES (".intval($id).",".intval($thread).",'".$uniqid."',NOW(), NOW(),".intval($user_id).",'".mysql_real_escape_string($savename)."','".mysql_real_escape_string($subject)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($hp)."','".mysql_real_escape_string($location)."','".mysql_real_escape_string($_SERVER["REMOTE_ADDR"])."','".mysql_real_escape_string($text)."','".mysql_real_escape_string($s_tags)."',".intval($show_signature).",".intval($email_notification).",".intval($p_category).",".intval($sticky).",".intval($spam).",".intval($spam_check_status).", '".mysql_real_escape_string($db_edit_key)."','".mysql_real_escape_string($urlLink)."','".mysql_real_escape_string($picLink)."')", $connid) or raise_error('database_error',mysql_error());
			if($id == 0)
			{
				// new thread, set thread id:
				@mysql_query("UPDATE ".$db_settings['forum_table']." SET tid=id, time=time WHERE id = LAST_INSERT_id()", $connid) or raise_error('database_error',mysql_error());
			}
			// reply, set last reply:
			if($id != 0 && $spam == 0)
			{
				@mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=NOW() WHERE tid=".$thread, $connid) or raise_error('database_error',mysql_error());
			}
			// get last entry:
			$result_new = mysql_query("SELECT tid, pid, id FROM ".$db_settings['forum_table']." WHERE id = LAST_INSERT_ID()");
			$new_data = mysql_fetch_array($result_new);
			mysql_free_result($result_new);

			// if editing own postings by unregistered users, set set cookie/session with edit_key:
			if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['user_edit']==2)
			{
				$_SESSION[$settings['session_prefix'].'edit_keys'][$new_data['id']] = $edit_key;
			}

			// lock thread if auto_lock is enabled and there are more than the maximum number of entries in the thread:
			if($settings['auto_lock']>0 && $new_data['pid']!=0)
			{
				list($thread_count) = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE tid=".intval($new_data['tid']), $connid));
				if($thread_count>=$settings['auto_lock']) @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, locked=1 WHERE tid = ".intval($new_data['tid']), $connid);
			}

			// fold thread if auto_fold is enabled and there are more than the maximum number of entries in the thread:
			if($settings['thread_indent_mix_topic']>0 && $new_data['pid']!=0)
			{
				// check whether there is alread a comment be added.
				list($comment_fold_thread) = @mysql_fetch_row(mysql_query("SELECT comment FROM ".$db_settings['forum_table']." WHERE pid=0 and tid = ".intval($new_data['tid']), $connid));
				if(empty($comment_fold_thread))
				{
					// auto_fold comment will be randomly picked up from setting table  $settings['auto_fold_comments']
					$auto_fold_comments_array = explode(",", $settings['auto_fold_comments']);
					$auto_fold_comment = $auto_fold_comments_array[array_rand($auto_fold_comments_array)];
					list($thread_count) = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM ".$db_settings['forum_table']." WHERE tid=".intval($new_data['tid']), $connid));
					if($thread_count>=$settings['thread_indent_mix_topic']) @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, folded=1, comment='".$auto_fold_comment."'  WHERE pid=0 and tid = ".intval($new_data['tid']), $connid);
				}
			}


			// e-mail notification:
			if($spam==0) emailNotification2ParentAuthor($new_data['id']);

			// e-mail notification to admins and mods
			if($spam==0) emailNotification2ModsAndAdmins($new_data['id']);

			// set userdata cookie:
			if($settings['remember_userdata'] == 1)
			{
				if($setcookie==1)
				{
					$cookie_data = urlencode($name).'|'.urlencode($email).'|'.urlencode($hp).'|'.urlencode($location);
					setcookie($settings['session_prefix'].'userdata',$cookie_data,time()+(3600*24*30));
				}
			}
			
			//forum entry updated, now let's tweet post
			//huofu: tweet post to twitter if checked
			if($tweet==1)
			{   require_once('./twitter/JSON/JSON.php');
				require_once('./twitter/twitteroauth/twitteroauth.php');
				require_once('./twitter/config.php');
				require_once('./twitter/shortenurl.php');
				/* If access tokens are not available redirect to connect page. */
				if (!(empty($_SESSION['access_token']) ))
				{
					/* Get user access tokens out of the session. */
					$access_token = $_SESSION['access_token'];
					/* Create a TwitterOauth object with consumer/user tokens. */
					$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
					/* statuses/update */
					date_default_timezone_set('GMT-5');
					//$sid = 0; $urlshorten ="";
					$ssid = 		$new_data['id'];	
					//$url =$web_base."index.php?id=".$id
					$url =BITLY_BASEURL."?id=".$ssid;
					$urlshorten =make_bitly_url($url,BITLY_USER,BITLY_APPKEY);
					//$urlshorten =$url;
					$parameters = array('status');
					if (!isset($text) || $text == "")
					$status = $subject;
					else 	$status = $subject." -- ".$text;
					// We should trim down the status text if it's too long
					// So that our tweets are 135 characters or less
					$postfixmsg=  " ".$urlshorten." ".TWEET_MSG_SUFFIX;
					$tweetlength = mb_strlen($postfixmsg,$db_settings['client_charset']);
					if (mb_strlen($status,$db_settings['client_charset']) > 135-$tweetlength)
					$shortstatus = mb_substr($status, 0, 132-$tweetlength,$db_settings['client_charset']) . "...";
					else	$shortstatus = $status;
					$parameters['status']= $shortstatus." ".$urlshorten." ".TWEET_MSG_SUFFIX;
					$status = $connection->post('statuses/update', $parameters);
					$http_code= $connection->http_code;
					if($http_code != '200'){ 
							$errors[] = 'error_twitter_code_'.$http_code;
							$smarty->assign('errors',$errors);
					}
					else {
						// the post is tweeted without error.
						//update with tw_id.
						// update post id with  tweet user id.
						$tw_id = 0;
						$tw_id=$_SESSION['twitter_id'];
						if($tw_id != 0)
						{
							// set tw user id:
							@mysql_query("UPDATE ".$db_settings['forum_table']." SET tw_id='".$tw_id."'  WHERE id = ".$new_data['id'], $connid);
						}
						
					}
				}
			}
			// end tweet post and check data
			
			//
			if(isset($back) && $back=='thread') header('location: index.php?mode=thread&id='.$new_data['id'].'#p'.$new_data['id']);
			else header('location: index.php?id='.$new_data['id']);
			exit;
		}
			
		// save edited posting:
		elseif(isset($_POST['save_entry']) && $posting_mode==1)
		{
			$tid_result=@mysql_query("SELECT tid, name, location, user_id, subject, text FROM ".$db_settings['forum_table']." WHERE id = ".$id, $connid) or raise_error('database_error',mysql_error());
			$field = mysql_fetch_array($tid_result);
			mysql_free_result($tid_result);

			// unnoticed editing for admins and mods:
			if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==2 && $settings['dont_reg_edit_by_admin']==1 || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==1 && $settings['dont_reg_edit_by_mod']==1 || ($field['text']==$text && $field['subject']==$subject && ($field['user_id']>0 || $field['name']==$name && $field['location']==$location) && isset($_SESSION[$settings['session_prefix'].'user_type']) && ($_SESSION[$settings['session_prefix'].'user_type']==2 || $_SESSION[$settings['session_prefix'].'user_type']==1)))
			{
				if($field['user_id']>0) @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, subject='".mysql_real_escape_string($subject)."', category=".intval($p_category).", email='".mysql_real_escape_string($email)."', hp='".mysql_real_escape_string($hp)."', location='".mysql_real_escape_string($location)."', text='".mysql_real_escape_string($text)."', tags='".mysql_real_escape_string($s_tags)."', url_link='".mysql_real_escape_string($urlLink)."', pic_link='".mysql_real_escape_string($picLink)."', email_notification='".intval($email_notification)."', show_signature='".intval($show_signature)."', sticky=".intval($sticky)." WHERE id=".intval($id), $connid);
				else @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, name='".mysql_real_escape_string($name)."', subject='".mysql_real_escape_string($subject)."', category=".intval($p_category).", email='".mysql_real_escape_string($email)."', hp='".mysql_real_escape_string($hp)."', location='".mysql_real_escape_string($location)."', text='".mysql_real_escape_string($text)."', tags='".mysql_real_escape_string($s_tags)."', url_link='".mysql_real_escape_string($urlLink)."', pic_link='".mysql_real_escape_string($picLink)."', email_notification='".intval($email_notification)."', show_signature='".intval($show_signature)."', sticky=".intval($sticky)." WHERE id=".intval($id), $connid);
			}
			else
			{
				if(isset($_SESSION[$settings['session_prefix'].'user_name'])) $edited_by = $_SESSION[$settings['session_prefix'].'user_name'];
				else $edited_by = $name;
					
				if(isset($_SESSION[$settings['session_prefix'].'user_id'])) $edited_by = $_SESSION[$settings['session_prefix'].'user_id'];
				else $edited_by = 0;
					
				if($field['user_id']>0) @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=NOW(), edited_by=".intval($edited_by).", subject='".mysql_real_escape_string($subject)."', category=".intval($p_category).", email='".mysql_real_escape_string($email)."', hp='".mysql_real_escape_string($hp)."', location='".mysql_real_escape_string($location)."', text='".mysql_real_escape_string($text)."', tags='".mysql_real_escape_string($s_tags)."', url_link='".mysql_real_escape_string($urlLink)."', pic_link='".mysql_real_escape_string($picLink)."', email_notification='".intval($email_notification)."', show_signature='".intval($show_signature)."', sticky=".intval($sticky)." WHERE id=".intval($id), $connid);
				else @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=NOW(), edited_by=".intval($edited_by).", name='".mysql_real_escape_string($name)."', subject='".mysql_real_escape_string($subject)."', category=".intval($p_category).", email='".mysql_real_escape_string($email)."', hp='".mysql_real_escape_string($hp)."', location='".mysql_real_escape_string($location)."', text='".mysql_real_escape_string($text)."', tags='".mysql_real_escape_string($s_tags)."', url_link='".mysql_real_escape_string($urlLink)."', pic_link='".mysql_real_escape_string($picLink)."', email_notification='".intval($email_notification)."', show_signature='".intval($show_signature)."', sticky=".intval($sticky)." WHERE id=".intval($id), $connid);
			}
			$category_update_result = mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, category=".intval($p_category)." WHERE tid = '".$field['tid']."'", $connid);
			@mysql_query("DELETE FROM ".$db_settings['entry_cache_table']." WHERE cache_id=".intval($id), $connid);
			header('location: index.php?mode='.$back.'&id='.$id);
			exit;
		}
			
		// preview:
		elseif(isset($_POST['preview']) && empty($errors))
		{
			$smarty->assign('preview',true);
			if($p_user_id>0)
			{
				$pr_result = @mysql_query("SELECT email_contact, user_hp, user_location, signature FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($p_user_id)." LIMIT 1", $connid) or die(mysql_error());
				$pr_data = mysql_fetch_array($pr_result);
				mysql_free_result($pr_result);
				if($pr_data['email_contact']!=0) $smarty->assign('email',true);
				if(trim($pr_data['user_hp'])!='')
				{
					if(substr($pr_data['user_hp'],0,7) != "http://" && substr($pr_data['user_hp'],0,8) != "https://" && substr($pr_data['user_hp'],0,6) != "ftp://" && substr($pr_data['user_hp'],0,9) != "gopher://" && substr($pr_data['user_hp'],0,7) != "news://") $smarty->assign('preview_hp','http://'.htmlspecialchars(stripslashes($pr_data['user_hp'])));
					else $smarty->assign('preview_hp',htmlspecialchars(stripslashes($pr_data['user_hp'])));
				}
				if(trim($pr_data['user_location'])!='') $smarty->assign('preview_location',htmlspecialchars(stripslashes($pr_data['user_location'])));
				if(trim($pr_data['signature'])!='') $smarty->assign('preview_signature',signature_format(stripslashes($pr_data['signature'])));
				if($pr_data['signature']!='')
				{
					$smarty->assign('signature',true);
					$smarty->assign('show_signature',$show_signature);
				}
			}
			else
			{
				$smarty->assign('email',htmlspecialchars(stripslashes($email)));
				if(trim($hp) != '' && substr($hp,0,7) != "http://" && substr($hp,0,8) != "https://" && substr($hp,0,6) != "ftp://" && substr($hp,0,9) != "gopher://" && substr($hp,0,7) != "news://") $preview_hp = "http://".$hp;
				else $preview_hp = $hp;
				$smarty->assign('hp',htmlspecialchars(stripslashes($hp)));
				$smarty->assign('preview_hp',htmlspecialchars(stripslashes($preview_hp)));
				$smarty->assign('location',htmlspecialchars(stripslashes($location)));
				$smarty->assign('preview_location',htmlspecialchars(stripslashes($location)));
			}
			// actual time:
			list($preview_time) = mysql_fetch_row(mysql_query("SELECT UNIX_TIMESTAMP(NOW() + INTERVAL ".$time_difference." MINUTE)"));
			$smarty->assign('preview_timestamp',$preview_time);
			$preview_formated_time = format_time($lang['time_format_full'],$preview_time);
			$smarty->assign('preview_formated_time',$preview_formated_time);
			$smarty->assign("uniqid",$uniqid);
			$smarty->assign('posting_mode',$posting_mode);
			$smarty->assign('id',$id);
			$smarty->assign('pid',$pid);
			$smarty->assign('back',$back);
			$smarty->assign('p_user_id',$p_user_id);
			$smarty->assign('name',htmlspecialchars(stripslashes($name)));
			$smarty->assign('subject',htmlspecialchars(stripslashes($subject)));
			$smarty->assign('url',htmlspecialchars(stripslashes($urlLink)));
			$smarty->assign('pic',htmlspecialchars(stripslashes($picLink)));
			$smarty->assign('text',htmlspecialchars(stripslashes($text)));
			if(isset($tags)) $smarty->assign('tags',htmlspecialchars(stripslashes($tags)));
			if(isset($p_category)) $smarty->assign('p_category',$p_category);
			$smarty->assign('setcookie',$setcookie);
			$smarty->assign('email_notification',$email_notification);
			$smarty->assign('sticky',$sticky);
			$smarty->assign('tweet',$tweet);
			$smarty->assign('preview_name',htmlspecialchars(stripslashes($name)));
			$preview_text = html_format(stripslashes($text));
			if($settings['terms_of_use_agreement']==1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign("terms_of_use_agreement",true);
			$smarty->assign('terms_of_use_agree',$terms_of_use_agree);
			#$preview_text = nl2br($preview_text);
			#$preview_text = zitat($preview_text);
			#if($settings['autolink'] == 1) $preview_text = make_link($preview_text);
			#if($settings['bbcode'] == 1) $preview_text = bbcode($preview_text);
			#if($settings['smilies'] == 1) $preview_text = smilies($preview_text);
			$smarty->assign('preview_text',$preview_text);
			$smarty->assign('preview_subject',htmlspecialchars(stripslashes($subject)));
			if($p_user_id>0 || $settings['email_notification_unregistered']) $smarty->assign('provide_email_notification',true);
			$smarty->assign('subtemplate','posting.tpl.inc');
		}
	}
	else // errors:
	{
		if(isset($show_signature)) $smarty->assign('show_signature',$show_signature);
		if($p_user_id>0)
		{
			list($signature) = @mysql_fetch_row(mysql_query("SELECT signature FROM ".$db_settings['userdata_table']." WHERE user_id=".intval($p_user_id), $connid));
			if(!empty($signature))
			{
				$smarty->assign('signature',true);
				$smarty->assign('show_signature',$show_signature);
			}
		}
		$smarty->assign('id',$id);
		$smarty->assign('pid',$pid);
		$smarty->assign('errors',$errors);
		if(isset($too_long_word)) $smarty->assign('word',$too_long_word);
		$smarty->assign("uniqid",$uniqid);
		$smarty->assign('back',$back);
		$smarty->assign('posting_mode',$posting_mode);
		if(isset($name)) $smarty->assign('name',htmlspecialchars(stripslashes($name)));
		$smarty->assign('email',htmlspecialchars(stripslashes($email)));
		$smarty->assign('hp',htmlspecialchars(stripslashes($hp)));
		$smarty->assign('location',htmlspecialchars(stripslashes($location)));
		$smarty->assign('subject',htmlspecialchars(stripslashes($subject)));
		$smarty->assign('text',htmlspecialchars(stripslashes($text)));
		if(isset($urlLink)) $smarty->assign('url',htmlspecialchars(stripslashes($urlLink)));
		if(isset($picLink)) $smarty->assign('pic',htmlspecialchars(stripslashes($picLink)));
		if(isset($tags)) $smarty->assign('tags',htmlspecialchars(stripslashes($tags)));
		if(isset($p_category)) $smarty->assign('p_category',$p_category);
		$smarty->assign('setcookie',$setcookie);
		$smarty->assign('email_notification',$email_notification);
		$smarty->assign('sticky',$sticky);
		$smarty->assign('tweet',$tweet);
		$smarty->assign('p_user_id',$p_user_id);

		if($p_user_id>0 || $settings['email_notification_unregistered']) $smarty->assign('provide_email_notification',true);

		if($settings['terms_of_use_agreement']==1 && empty($_SESSION[$settings['session_prefix'].'user_id'])) $smarty->assign("terms_of_use_agreement",true);
		$smarty->assign('terms_of_use_agree',$terms_of_use_agree);
		$smarty->assign('subtemplate','posting.tpl.inc');
	}
	break;
case 'edit':
	$id = intval($_GET['edit']);
	$edit_result = mysql_query("SELECT tid, pid, name, ".$db_settings['userdata_table'].".user_id, email, hp, location, subject, UNIX_TIMESTAMP(time) AS time, text, tags, url_link, pic_link, category, email_notification, show_signature, sticky, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
    JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id 
    WHERE id = ".$id, $connid) or raise_error('database_error',mysql_error());
	if(mysql_num_rows($edit_result)!=1)
	{
		$smarty->assign('no_authorisation','error_posting_unavailable');
		$subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
		$smarty->assign("subnav_link",$subnav_link);
		$smarty->assign('subtemplate','posting.tpl.inc');
		break;
	}

	$field = mysql_fetch_array($edit_result);
	mysql_free_result($edit_result);

	// authorisatin check:
	$authorization = get_edit_authorization($id, $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);

	if($authorization['edit']!=true)
	{
		$smarty->assign('no_authorisation','no_authorization_edit');
		#$smarty->assign('minutes',$settings['edit_max_time_period']);
	}
	elseif($authorization['edit']==true)
	{
		$tags = htmlspecialchars(stripslashes($field['tags']));
		$tags_array = explode(';',$tags);
		foreach($tags_array as $tag)
		{
			if(trim($tag)!='') $tags_array2[] = $tag;
		}
		if(isset($tags_array2)) $tags = implode(', ',$tags_array2);
		else $tags = '';
			
		// if posting is by a registered user, check if he has signature
		if($field['user_id']>0)
		{
			list($signature) = @mysql_fetch_row(mysql_query("SELECT signature FROM ".$db_settings['userdata_table']." WHERE user_id=".intval($field['user_id']), $connid));
			if(!empty($signature))
			{
				$smarty->assign('signature',true);
				$smarty->assign('show_signature',$field['show_signature']);
			}
		}
			
		if($settings['edit_max_time_period']>0 && (empty($_SESSION[$settings['session_prefix'].'user_type']) || isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==0))
		{
			$minutes_left_to_edit = round((($field['time']+$settings['edit_max_time_period']*60)-time())/60);
			$smarty->assign('minutes_left_to_edit',$minutes_left_to_edit);
		}

		$smarty->assign('id',$id);
		$smarty->assign('pid',$field['pid']);
		$smarty->assign('p_user_id',$field['user_id']);
		$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
		$smarty->assign('email',htmlspecialchars(stripslashes($field['email'])));
		$smarty->assign('hp',htmlspecialchars(stripslashes($field['hp'])));
		$smarty->assign('location',htmlspecialchars(stripslashes($field['location'])));
		$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
		$smarty->assign('text',htmlspecialchars(stripslashes($field['text'])));
		$smarty->assign('tags',$tags);
		$smarty->assign('url',htmlspecialchars(stripslashes($field['url_link'])));
		$smarty->assign('pic',htmlspecialchars(stripslashes($field['pic_link'])));
		$smarty->assign('p_category',$field['category']);
		$smarty->assign('email_notification',$field['email_notification']);
		#$smarty->assign('show_signature',$field['show_signature']);
		$smarty->assign('sticky',$field['sticky']);
		//$smarty->assign('tweet',$field['tweet']);
		$smarty->assign('back',$back);
		$smarty->assign('posting_mode',1);
	}
	//Ted: some users don't have nick name so let's display username and nick name
	$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
	//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);

	if($field['user_id']>0 || $settings['email_notification_unregistered']) $smarty->assign('provide_email_notification',true);

	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting.tpl.inc');
	break;
case 'retweet_posting':
	$id = intval($_REQUEST['retweet']);
	//$id = intval($_GET['retweet']);
	$edit_result = mysql_query("SELECT tid, pid, name, ".$db_settings['userdata_table'].".user_id, email, hp, location, subject, UNIX_TIMESTAMP(time) AS time, text, tags, url_link, pic_link, category, email_notification, show_signature, sticky, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
    JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id 
    WHERE id = ".$id." and ".$db_settings['forum_table'].".user_id =".$_SESSION[$settings['session_prefix'].'user_id'], $connid) or raise_error('database_error',mysql_error());
	if(mysql_num_rows($edit_result)!=1)
	{
		$smarty->assign('no_authorisation','error_retweet_unavailable');
		$subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
		$smarty->assign("subnav_link",$subnav_link);
		$smarty->assign('subtemplate','posting.tpl.inc');
		break;
	}
	$field = mysql_fetch_array($edit_result);
	mysql_free_result($edit_result);
	$smarty->assign('id',$id);
	$smarty->assign('retweet',$id);
	$smarty->assign('pid',$field['pid']);
	$smarty->assign('p_user_id',$field['user_id']);
	$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
	$smarty->assign('text',htmlspecialchars(stripslashes($field['text'])));
	$smarty->assign('back',$back);
	//Ted: some users don't have nick name so let's display username and nick name
	$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','retweeting.tpl.inc');
	break;
case 'retweet_posting_confirmed':
	$id = intval($_REQUEST['retweet']);
	$edit_result = mysql_query("SELECT tid, pid, name, ".$db_settings['userdata_table'].".user_id, email, hp, location, subject, UNIX_TIMESTAMP(time) AS time, text, tags, url_link, pic_link, category, email_notification, show_signature, sticky, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
    JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id 
    WHERE id = ".$id." and ".$db_settings['forum_table'].".user_id =".$_SESSION[$settings['session_prefix'].'user_id'], $connid) or raise_error('database_error',mysql_error());
	if(mysql_num_rows($edit_result)!=1)
	{
		$smarty->assign('no_authorisation','error_retweet_unavailable');
		$subnav_link = array('mode'=>'index', 'name'=>'thread_entry_back_link', 'title'=>'thread_entry_back_title');
		$smarty->assign("subnav_link",$subnav_link);
		$smarty->assign('subtemplate','posting.tpl.inc');
		break;
	}

	$field = mysql_fetch_array($edit_result);
	mysql_free_result($edit_result);
	//$errors[] = 'error_uid_'.$id.$field['text'];  // for test purpose
	$smarty->assign('id',$id);
	$smarty->assign('retweet',$id);
	$smarty->assign('pid',$field['pid']);
	$smarty->assign('p_user_id',$field['user_id']);
	$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
	$smarty->assign('text',htmlspecialchars(stripslashes($field['text'])));
	
	//end of check data
	//huofu: tweet post to twitter if checked
	require_once('./twitter/JSON/JSON.php');
	require_once('./twitter/twitteroauth/twitteroauth.php');
	require_once('./twitter/config.php');
	require_once('./twitter/shortenurl.php');
	/* If access tokens are not available redirect to connect page. */
	$res_tweet = false;
	if (!(empty($_SESSION['access_token'])))
	{
		/* Get user access tokens out of the session. */
		$access_token = $_SESSION['access_token'];
		/* Create a TwitterOauth object with consumer/user tokens. */
		$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
		/* statuses/update */
		$subject = $field['subject'];
		$text = $field['text'];
		date_default_timezone_set('GMT-5');
		$sid = 0; $urlshorten ="";
		$sid = $id;
		//$url =$web_base."index.php?id=".$id
		$url =BITLY_BASEURL."?id=".$sid;
		$urlshorten =make_bitly_url($url,BITLY_USER,BITLY_APPKEY);
		//$urlshorten =$url;
		$parameters = array('status');
		if (!isset($text) || $text == "")
				$status = $subject;
		else 	$status = $subject." -- ".$text;
		// We should trim down the status text if it's too long
		// So that our tweets are 135 characters or less
		$postfixmsg=  " ".$urlshorten." ".TWEET_MSG_SUFFIX;
		$tweetlength = mb_strlen($postfixmsg,$db_settings['client_charset']);
		if (mb_strlen($status,$db_settings['client_charset']) > 135-$tweetlength)
		$shortstatus = mb_substr($status, 0, 132-$tweetlength,$db_settings['client_charset']) . "...";
		else	$shortstatus = $status;
		$parameters['status']= $shortstatus." ".$urlshorten." ".TWEET_MSG_SUFFIX;
		$status = $connection->post('statuses/update', $parameters);
		$http_code= $connection->http_code;
		if($http_code != '200') $errors[] = 'error_twitter_code_'.$http_code;
		else 	$res_tweet = true;
	}
	// end tweet post and check data
	
	if(empty($errors))
	{
		// update post uid with  tweet user id.
		$tw_id = 0;
		if ($res_tweet) 
			$tw_id=$_SESSION['twitter_id'];
		if($tw_id != 0)
		{
			// set tw user id:
			@mysql_query("UPDATE ".$db_settings['forum_table']." SET tw_id='".$tw_id."'  WHERE id = ".$id, $connid);
		}
			
		$smarty->assign('id',$id);
		if(isset($back) && $back=='thread') header('location: index.php?mode=thread&id='.$id.'#p'.$id);
		else header('location: index.php?id='.$id);
		exit;
	}
	else
	{
		$smarty->assign('errors',$errors);
		$smarty->assign('retweet',$id);
		$smarty->assign('pid',$field['pid']);
		$smarty->assign('p_user_id',$field['user_id']);
		$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
		$smarty->assign('text',htmlspecialchars(stripslashes($field['text'])));
		$smarty->assign('back',$back);
		//Ted: some users don't have nick name so let's display username and nick name
		$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
		$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
		$smarty->assign("subnav_link",$subnav_link);
		$smarty->assign('subtemplate','retweeting.tpl.inc');
		break;
	}
case 'delete_posting':
	$delete_check_result = mysql_query("SELECT pid, name, subject, ".$db_settings['userdata_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
    JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id 
    WHERE id = ".intval($_REQUEST['delete_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($delete_check_result);
	mysql_free_result($delete_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['delete_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);

	if($authorization['delete']==true)
	{
		$smarty->assign('id',intval($_REQUEST['delete_posting']));
		$smarty->assign('pid',$field['pid']);
		$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
		$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
		$smarty->assign('formated_time',format_time($lang['time_format_full'],$field['disp_time']));
		if(isset($_REQUEST['back'])) $smarty->assign('back',$_REQUEST['back']);
		$smarty->assign('page',$page);
		$smarty->assign('order',$order);
		$smarty->assign('descasc',$descasc);
		$smarty->assign('category',$category);
		$smarty->assign('posting_mode',1);
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation_delete');
	}
	//Ted: some users don't have nick name so let's display username and nick name
	$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
	//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_delete.tpl.inc');
	break;
case 'delete_posting_confirmed':
	$delete_check_result = mysql_query("SELECT pid, name, subject, ".$db_settings['userdata_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
	 JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id   
	 WHERE id = ".intval($_REQUEST['delete_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($delete_check_result);
	mysql_free_result($delete_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['delete_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
	if($authorization['delete']==true)
	{
		if(isset($_REQUEST['back']))
		{
			$result = @mysql_query("SELECT pid FROM ".$db_settings['forum_table']." WHERE id=".intval($_REQUEST['delete_posting'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
			if(mysql_num_rows($result)==1)
			{
				$data = mysql_fetch_array($result);
				if($data['pid']!=0) $pid = $data['pid'];
			}
		}
		delete_posting_recursive($_REQUEST['delete_posting']);
		if(isset($_REQUEST['back']) && $_REQUEST['back']=='entry' && isset($pid)) header('location: index.php?id='.$pid);
		elseif(isset($_REQUEST['back']) && $_REQUEST['back']=='thread' && isset($pid)) header('location: index.php?mode=thread&id='.$pid);
		else header('location: index.php?mode=index');
		exit;
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation_delete');
	}
	//Ted: some users don't have nick name so let's display username and nick name
	$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
	//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_delete.tpl.inc');
	break;
case 'drain_posting':
	$delete_check_result = mysql_query("SELECT pid, name, subject, ".$db_settings['userdata_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
    JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id WHERE id = ".intval($_REQUEST['drain_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($delete_check_result);
	mysql_free_result($delete_check_result);
	$authorization = get_drain_authorization(intval($_REQUEST['drain_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);

	if($authorization['delete']==true)
	{
		$smarty->assign('id',intval($_REQUEST['drain_posting']));
		$smarty->assign('pid',$field['pid']);
		$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
		$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
		$smarty->assign('formated_time',format_time($lang['time_format_full'],$field['disp_time']));
		if(isset($_REQUEST['back'])) $smarty->assign('back',$_REQUEST['back']);
		$smarty->assign('page',$page);
		$smarty->assign('order',$order);
		$smarty->assign('descasc',$descasc);
		$smarty->assign('category',$category);
		$smarty->assign('posting_mode',1);
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation_delete');
	}
	//Ted: some users don't have nick name so let's display username and nick name
	$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
	//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_delete.tpl.inc');
	break;
case 'drain_posting_confirmed':
	$delete_check_result = mysql_query("SELECT pid, name, subject, ".$db_settings['userdata_table'].".user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, ".$db_settings['userdata_table'].".user_name FROM ".$db_settings['forum_table']."
	 JOIN ".$db_settings['userdata_table']." ON ".$db_settings['userdata_table'].".user_id=".$db_settings['forum_table'].".user_id  
     WHERE id = ".intval($_REQUEST['drain_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($delete_check_result);
	mysql_free_result($delete_check_result);
	$authorization = get_drain_authorization(intval($_REQUEST['drain_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
	if($authorization['delete']==true)
	{
		if(isset($_REQUEST['back']))
		{
			$result = @mysql_query("SELECT pid FROM ".$db_settings['forum_table']." WHERE id=".intval($_REQUEST['drain_posting'])." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
			if(mysql_num_rows($result)==1)
			{
				$data = mysql_fetch_array($result);
				if($data['pid']!=0) $pid = $data['pid'];
			}
		}
		$delete_check_result = mysql_query("SELECT id, deleted,tags FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['drain_posting']), $connid) or raise_error('database_error',mysql_error());
		$data = mysql_fetch_array($delete_check_result);
		mysql_free_result($delete_check_result);
		$auto_drain_comment="";
		// auto adding drain  comments if auto drain is enabled ($settings['auto_drain_comments'] !='')
		if($settings['auto_drain_comments']!="" )
		{
			// auto drain comment will be randomly picked up from setting table  $settings['auto_drain_comments']
			$auto_drain_comments_array = explode(",", $settings['auto_drain_comments']);
			$auto_drain_comment = $auto_drain_comments_array[array_rand($auto_drain_comments_array)];
		}
			
		if($data['deleted']==0)
		{	//adding a tag named 回收站 if it is deleted/drained
			$tags = stripslashes($data['tags']);
			if($tags!='')
			{
				$s_tags_array = explode(';',$tags);
				$s_tags = ';';
				foreach($s_tags_array as $tag)
				{
					if(!strstr($tag, "回收站"))  $s_tags .= trim($tag).';';
				}
			}
			else $s_tags = ';';
			$s_tags .= "回收站".';';
			mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=NOW(), deleted=1, comment='".$auto_drain_comment."' , edited_by='".intval($_SESSION[$settings['session_prefix'].'user_id'])."', tags='".mysql_real_escape_string($s_tags)."'  WHERE id = ".$data['id'], $connid); //
		}
		else
		{	//remove tag "回收站" if it is undrained
			$tags = stripslashes($data['tags']);
			if($tags!='')
			{
				$s_tags_array = explode(';',$tags);
				$s_tags = ';';
				foreach($s_tags_array as $tag)
				{
					if(!strstr($tag, "回收站"))  $s_tags .= trim($tag).';';
				}
			}
			else $s_tags = '';
			mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=NOW(), deleted=0, comment='' , edited_by='".intval($_SESSION[$settings['session_prefix'].'user_id'])."', tags='".mysql_real_escape_string($s_tags)."' WHERE id = ".$data['id'], $connid);
		}
		if(isset($_REQUEST['back']) && $_REQUEST['back']=='entry' && isset($pid)) header('location: index.php?id='.$pid);
		elseif(isset($_REQUEST['back']) && $_REQUEST['back']=='thread' && isset($pid)) header('location: index.php?mode=thread&id='.$pid);
		else header('location: index.php?mode=index');
		exit;
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation_delete');
	}
	//Ted: some users don't have nick name so let's display username and nick name
	$smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['user_name']."(".$field['name'].")")));
	//if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	//else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_delete.tpl.inc');
	break;
case 'move_posting':
	$move_check_result = mysql_query("SELECT pid, tid, name, subject, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, category FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['move_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($move_check_result);
	mysql_free_result($move_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['move_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);

	if($authorization['move']==true)
	{
		$smarty->assign('id',intval($_REQUEST['move_posting']));
		$smarty->assign('pid',$field['pid']);
		$smarty->assign('tid',$field['tid']);
		$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
		$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
		$smarty->assign('formated_time',format_time($lang['time_format_full'],$field['disp_time']));
		if(isset($_REQUEST['back'])) $smarty->assign('back',$_REQUEST['back']);
		$smarty->assign('page',$page);
		$smarty->assign('order',$order);
		$smarty->assign('descasc',$descasc);
		$smarty->assign('category',$category);
		$smarty->assign('posting_mode',1);
		$smarty->assign('movefrom',$field['category']);
		$smarty->assign('moveto',intval($_REQUEST['moveto']));
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_move.tpl.inc');
	break;
case 'move_posting_confirmed':
	$move_check_result = mysql_query("SELECT pid,tid, name, subject, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, category FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['move_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($move_check_result);
	mysql_free_result($move_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['move_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
	if($authorization['move']==true)
	{
		if(isset($_REQUEST['back']))
		{
			if($field['tid']!=0) $tid = $field['tid'];
		}
		if($field['category'] == intval($_REQUEST['movefrom']))
		mysql_query("UPDATE ".$db_settings['forum_table']." SET category='".intval($_REQUEST['moveto'])."'   WHERE tid = ".$tid, $connid); //
		if(isset($_REQUEST['back']) && $_REQUEST['back']=='entry' && isset($pid)) header('location: index.php?id='.$tid);
		elseif(isset($_REQUEST['back']) && $_REQUEST['back']=='thread' && isset($pid)) header('location: index.php?mode=thread&id='.$tid);
		else header('location: index.php?mode=index');
		exit;
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_move.tpl.inc');
	break;
case 'comment_posting':
	$comment_check_result = mysql_query("SELECT pid, tid, name, subject, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, comment FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['comment_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($comment_check_result);
	mysql_free_result($comment_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['comment_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);

	if($authorization['comment']==true)
	{
		$smarty->assign('id',intval($_REQUEST['comment_posting']));
		$smarty->assign('pid',$field['pid']);
		$smarty->assign('tid',$field['tid']);
		$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
		$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
		$smarty->assign('formated_time',format_time($lang['time_format_full'],$field['disp_time']));
		if(isset($_REQUEST['back'])) $smarty->assign('back',$_REQUEST['back']);
		$smarty->assign('page',$page);
		$smarty->assign('order',$order);
		$smarty->assign('descasc',$descasc);
		$smarty->assign('category',$category);
		$smarty->assign('posting_mode',1);
		$smarty->assign('oldcomment',$field['comment']);
		$smarty->assign('comment',$_REQUEST['comment']);
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_comment.tpl.inc');
	break;
case 'comment_posting_confirmed':
	$comment_check_result = mysql_query("SELECT pid,tid, name, subject, user_id, UNIX_TIMESTAMP(time) AS time, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, locked, edit_key, comment FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['comment_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($comment_check_result);
	mysql_free_result($comment_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['comment_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
	if($authorization['comment']==true)
	{
		if(isset($_REQUEST['back']))
		{
			if($field['pid']!=0) $pid = $field['pid'];
		}
		mysql_query("UPDATE ".$db_settings['forum_table']." SET comment='".$_REQUEST['comment']."'   WHERE id = ".intval($_REQUEST['comment_posting']), $connid); //
		if(isset($_REQUEST['back']) && $_REQUEST['back']=='entry' && isset($pid)) header('location: index.php?id='.$pid);
		elseif(isset($_REQUEST['back']) && $_REQUEST['back']=='thread' && isset($pid)) header('location: index.php?mode=thread&id='.$pid);
		else header('location: index.php?mode=index');
		exit;
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_comment.tpl.inc');
	break;
case 'delete_marked':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		// OK.
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	$subnav_link = array('mode'=>'index', 'title'=>'back_to_index_link_title', 'name'=>'back_to_index_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_delete_marked.tpl.inc');
	break;
case 'delete_marked_submit':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		$result = mysql_query("SELECT id FROM ".$db_settings['forum_table']." WHERE marked = 1", $connid) or raise_error('database_error',mysql_error());
		while($data = mysql_fetch_array($result))
		{
			delete_posting_recursive($data['id']);
		}
		mysql_free_result($result);
	}
	header('Location: index.php?mode=index');
	exit;

	break;
case 'manage_postings':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		// OK.
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	$subnav_link = array('mode'=>'index', 'title'=>'back_to_index_link_title', 'name'=>'back_to_index_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_manage_postings.tpl.inc');
	break;
case 'lock_old_threads_submit':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		$days = intval($_POST['days']);
		if($days > 0)
		{
			$result = mysql_query("SELECT id FROM ".$db_settings['forum_table']." WHERE pid=0 AND time < (NOW() - INTERVAL ".$days." DAY)", $connid) or raise_error('database_error',mysql_error());
			while($data = mysql_fetch_array($result))
			{
				@mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, locked=1 WHERE tid = ".intval($data['id']), $connid);
			}
			mysql_free_result($result);
		}
	}
	header('Location: index.php?mode=index');
	exit;
	break;
case 'lock_all_threads_submit':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		if(isset($_POST['lock_all_threads_submit'])) $lock=1;
		elseif(isset($_POST['unlock_all_threads_submit'])) $lock=0;
		if(isset($lock)) @mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, locked=".intval($lock), $connid);
	}
	header('Location: index.php?mode=index');
	exit;
	break;
case 'delete_spam':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		// OK.
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	$subnav_link = array('mode'=>'index', 'id' => $id, 'title'=>'back_to_index_link_title', 'name'=>'back_to_index_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_delete_spam.tpl.inc');
	break;
case 'delete_spam_submit':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		$result = mysql_query("SELECT id FROM ".$db_settings['forum_table']." WHERE spam=1", $connid) or raise_error('database_error',mysql_error());
		while($data = mysql_fetch_array($result))
		{
			delete_posting_recursive($data['id']);
		}
		mysql_free_result($result);
	}
	header('Location: index.php?mode=index');
	exit;
	break;
case 'report_spam':
	$id = intval($_GET['report_spam']);
	$delete_result = mysql_query("SELECT tid, pid, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, name, subject, category, spam, spam_check_status FROM ".$db_settings['forum_table']." WHERE id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($delete_result);
	if(mysql_num_rows($delete_result)==1)
	{
		if(empty($_SESSION[$settings['session_prefix'].'user_type']) || $_SESSION[$settings['session_prefix'].'user_type']!=1&&$_SESSION[$settings['session_prefix'].'user_type']!=2)
		{
			$smarty->assign('no_authorisation','no_auth_delete');
		}
		else
		{
			$smarty->assign('id',$id);
			$smarty->assign('pid',$field['pid']);
			$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
			$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
			$smarty->assign('disp_time',$field['disp_time']);
			$smarty->assign('spam',intval($field['spam']));
			$smarty->assign('spam_check_status',intval($field['spam_check_status']));
			$smarty->assign('back',$back);
			$smarty->assign('page',$page);
			$smarty->assign('order',$order);
			$smarty->assign('descasc',$descasc);
			$smarty->assign('category',$category);
			$smarty->assign('posting_mode',1);
		}
		if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
		else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
		$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	}
	else $subnav_link = array('mode'=>'index', 'name'=>'forum_index_link', 'title'=>'forum_index_link_title');
	$smarty->assign("subnav_link",$subnav_link);
	#$backlink = 'entry';
	$smarty->assign('subtemplate','posting_report_spam.tpl.inc');
	mysql_free_result($delete_result);
	break;
case 'report_spam_submit':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		if($settings['akismet_key']!='' && $settings['akismet_entry_check']==1)
		{
			$result = mysql_query("SELECT name, email, hp, subject, location, text FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
			$data = mysql_fetch_array($result);
			if(mysql_num_rows($result)==1)
			{
				require('modules/akismet/akismet.class.php');
				$akismet = new Akismet($settings['forum_address'], $settings['akismet_key']);
				$akismet->setCommentAuthor($data['name']);
				if($data['email'] != '') $akismet->setCommentAuthorEmail($data['email']);
				if($data['hp'] != '') $akismet->setCommentAuthorURL($data['hp']);
				$akismet->setCommentContent($data['text']);
				$akismet->submitSpam();
			}
			mysql_free_result($result);
		}
		if(isset($_POST['report_spam_delete_submit']))
		{
			delete_posting_recursive($id);
			header('location: index.php?mode=index');
			exit;
		}
		else
		{
			header('location: index.php?id='.$id);
			exit;
		}
	}
	else die('No authorisation!');
	break;
case 'flag_ham':
	$id = intval($_GET['flag_ham']);
	$result = mysql_query("SELECT tid, pid, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." MINUTE) AS disp_time, name, subject, category, spam, spam_check_status FROM ".$db_settings['forum_table']." WHERE id = ".$id." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($result);
	if(mysql_num_rows($result)==1)
	{
		if(empty($_SESSION[$settings['session_prefix'].'user_type']) || $_SESSION[$settings['session_prefix'].'user_type']!=1&&$_SESSION[$settings['session_prefix'].'user_type']!=2)
		{
			$smarty->assign('no_authorisation','no_auth_delete');
		}
		else
		{
			$smarty->assign('id',$id);
			$smarty->assign('pid',$field['pid']);
			$smarty->assign('name',htmlspecialchars(stripslashes($field['name'])));
			$smarty->assign('subject',htmlspecialchars(stripslashes($field['subject'])));
			$smarty->assign('disp_time',$field['disp_time']);
			$smarty->assign('spam',intval($field['spam']));
			$smarty->assign('spam_check_status',intval($field['spam_check_status']));
			$smarty->assign('back',$back);
			$smarty->assign('page',$page);
			$smarty->assign('order',$order);
			$smarty->assign('descasc',$descasc);
			$smarty->assign('category',$category);
			$smarty->assign('posting_mode',1);
		}
		if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
		else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
		$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	}
	else $subnav_link = array('mode'=>'index', 'name'=>'forum_index_link', 'title'=>'forum_index_link_title');
	$smarty->assign("subnav_link",$subnav_link);
	#$backlink = 'entry';
	$smarty->assign('subtemplate','posting_flag_ham.tpl.inc');
	mysql_free_result($result);
	break;
case 'flag_ham_submit':
	if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']>0)
	{
		$result = mysql_query("SELECT tid, name, email, hp, subject, location, text FROM ".$db_settings['forum_table']." WHERE id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
		$data = mysql_fetch_array($result);
		if(mysql_num_rows($result)==1)
		{
			@mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, spam=0, spam_check_status=0 WHERE id = ".intval($id), $connid);

			// set last reply time of thread as it wasn't set in spam status:
			$last_reply_result = @mysql_query("SELECT time FROM ".$db_settings['forum_table']." WHERE tid = ".intval($data['tid'])." ORDER BY time DESC LIMIT 1", $connid) or raise_error('database_error',mysql_error());
			$field = mysql_fetch_array($last_reply_result);
			mysql_free_result($last_reply_result);
			@mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply='".$field['time']."' WHERE tid=".intval($data['tid']), $connid);

			// send confirm mails as they haven't been seent in spam status: (2nd parameter "true" adds a delayed message)
			emailNotification2ParentAuthor($id, true);
			emailNotification2ModsAndAdmins($id, true);

			if(isset($_POST['report_flag_ham_submit']) && $settings['akismet_key']!='' && $settings['akismet_entry_check']==1)
			{
				require('modules/akismet/akismet.class.php');
				$akismet = new Akismet($settings['forum_address'], $settings['akismet_key']);
				$akismet->setCommentAuthor($data['name']);
				if($data['email'] != '') $akismet->setCommentAuthorEmail($data['email']);
				if($data['hp'] != '') $akismet->setCommentAuthorURL($data['hp']);
				$akismet->setCommentContent($data['text']);
				$akismet->submitHam();
			}
			header('location: index.php?id='.$id);
		}
		else
		{
			header('location: index.php?mode=index');
		}
		exit;
	}
	else die('No authorisation!');
	break;
case 'lock':
	// if user is authorized to lock:
	if(isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 2 || isset($_REQUEST['lock']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix']."user_type"] == 1)
	{
		$id = intval($_REQUEST['lock']);
		$lock_result = mysql_query("SELECT tid, locked FROM ".$db_settings['forum_table']." WHERE id='".$id."' LIMIT 1", $connid);
		if (!$lock_result) raise_error('database_error',mysql_error());
		$field = mysql_fetch_array($lock_result);
		mysql_free_result($lock_result);
		if ($field['locked']==0) mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, locked=1 WHERE tid = ".$field['tid'], $connid);
		else mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, locked='0' WHERE tid = ".$field['tid'], $connid);
		#if (empty($page)) $page = 0;
		#if (empty($order)) $order = "time";
		#if (empty($descasc)) $descasc = "DESC";
	}
	header("location: index.php?mode=".$back."&id=".$id);
	exit;
	break;
case 'fold_posting':
	$fold_check_result = mysql_query("SELECT id, folded, user_id, edit_key, UNIX_TIMESTAMP(time) AS time, locked FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['fold_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($fold_check_result);
	mysql_free_result($fold_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['fold_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
	if($authorization['fold']==true)
	{
		// OK.
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	$subnav_link = array('mode'=>'index', 'title'=>'back_to_index_link_title', 'name'=>'back_to_index_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_fold.tpl.inc');
	break;
case 'fold_posting_confirmed':
	// if user is authorized to lock:
	$fold_check_result = mysql_query("SELECT id, folded, user_id, edit_key, UNIX_TIMESTAMP(time) AS time, locked FROM ".$db_settings['forum_table']." WHERE id = ".intval($_REQUEST['fold_posting']), $connid) or raise_error('database_error',mysql_error());
	$field = mysql_fetch_array($fold_check_result);
	mysql_free_result($fold_check_result);
	$authorization = get_edit_authorization(intval($_REQUEST['fold_posting']), $field['user_id'], $field['edit_key'], $field['time'], $field['locked']);
	if($authorization['fold']==true)
	{
		if ($field['folded']==0) mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, folded=1, comment='".$_REQUEST['comment']."' WHERE id = ".$field['id'], $connid);
		else mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, folded='0', comment='' WHERE id = ".$field['id'], $connid);
		// if ($field['folded']==0) mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, folded=1 WHERE id = ".$field['id'], $connid);
		// else mysql_query("UPDATE ".$db_settings['forum_table']." SET time=time, last_reply=last_reply, edited=edited, folded='0'  WHERE id = ".$field['id'], $connid);
		header("location: index.php?mode=".$back."&id=".$id);
		exit;
			
	}
	else
	{
		$smarty->assign('no_authorisation','no_authorisation');
	}
	if($field['name']) $smarty->assign('name_repl_subnav',htmlspecialchars(stripslashes($field['name'])));
	else $smarty->assign('name_repl_subnav',$lang['unknown_user']);
	$backlink = 'entry';
	$subnav_link = array('mode'=>$back, 'id' => $id, 'title'=>'back_to_entry_link_title', 'name'=>'back_to_entry_link');
	$smarty->assign("subnav_link",$subnav_link);
	$smarty->assign('subtemplate','posting_fold.tpl.inc');

	break;
}

// CAPTCHA:
if(empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_posting']>0)
{
	if($settings['captcha_posting']==2)
	{
		$_SESSION['captcha_session'] = $captcha->generate_code();
	}
	else
	{
		$_SESSION['captcha_session'] = $captcha->generate_math_captcha();
		$captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
		$captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
	}
	$captcha_tpl['session_name'] = session_name();
	$captcha_tpl['session_id'] = session_id();
	$captcha_tpl['type'] = $settings['captcha_posting'];
	$smarty->assign('captcha',$captcha_tpl);
} 

$template = 'main.tpl';
?>
